VMware, the virtualization software maker, has issued a security update for its vSphere API that resolves a denial-of-service problem in ESX and ESXi. ESX is a bare-metal hypervisor built for enterprise-level environments; it doesn't need a third-party operating system to run. Quite a few other security updates were also issued as part of this update.
The patch affects the following releases: VMware ESXi 4.1 without patch ESXi410-201211401-SG and VMware ESX 4.1 without patches ESX410-201211401-SG, ESX410-201211402-SG, ESX410-201211405-SG, and ESX410-201211407-SG.
Read more about the advisory, plus details on how to update.
This security update comes just over a week after Anonymous hacker “Stun” leaked the source code of ESX. The leak first came to light through a Twitter update, followed by a torrent posted on 1337x.org.
“Which VMware has succeeded to ignore and continue producing on same level like its buddy Symantec did. Bullshitting people and selling crap. But it’s time for Anonymous finally to deliver,” said “Stun”.
Iain Mulholland, director of platform security for VMware, commented on the story:
It is possible that more related files will be posted in the future. We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate.
Ensuring customer security is our top priority. As a matter of best practices with respect to security, VMware strongly encourages all customers to apply the latest product updates and security patches made available for their specific environment.
The leak is also apparently linked to an April 2012 incident, in which information was leaked as well.
The kernel apparently dates back to between 1998 and 2004, the years in which the kernel for VMware products was developed.
Users are encouraged to update their products with the latest product updates and security patches.
Oracle did what all of us were hoping they would do – release an out-of-band patch for the latest Java zero-day vulnerability. The new versions of Java, 1.7.0_07 and 1.6.0_35, both fix the vulnerabilities mentioned in CVE-2012-4681.
If you need Java, we recommend that you install this update immediately. If you have no need for Java, we recommend that you uninstall it altogether, if you haven’t already done so. More information from Oracle about the vulnerability and patch is available in their security alert.
Information obtained from Websense and other communities.
In the interest of fairness, Apple has deployed a newer security updating system in the next version of Mac OS X (dubbed Mountain Lion / v10.8). Its release in July will be just in time to save a lot of hassle in dealing with security updates.
However, please note that this new technology will not help with zero-day bugs. When a zero-day bug spreads, updates sometimes cannot be adapted quickly enough.
Anyway, the Mountain Lion Security Update System is designed to help users get the latest security updates for their system every day!
With Gatekeeper, the new anti-malware feature that checks application downloads for evidence of fraudulent/trojan activities, all of these new security features will help protect identities. It also proves something valuable: Mac OS is not invulnerable to malware.
If it was designed by hand, it can be cracked by hand! That’s the best security philosophy to have!!
This update stems from the aftermath of the Flashback Trojan/botnet, which affected up to or over 600,000 Macs. Apple is realizing their operating systems are no more secure than a Windows PC. Watch Microsoft and learn, friends! They’ve had security patching mechanisms for over ten years… Apple has yet to release any.